(RADIATOR) Problems after authentication

Terry Simons galimore at mac.com
Mon Sep 13 11:36:50 CDT 2004


Hi Elena,

What do you mean by saying that your client is registered with the ip  
address "0.0.0.0"?

Are you referring to some status information gotten from the AP?  If  
so, this is probably a bug in your AP.

If you're seeing this in Windows with something like "ipconfig", but
you have a statically assigned address in the Windows TCP/IP settings
configuration dialog, then I would say that you probably have something
wrong with your Windows installation, since you shouldn't ever see a
0.0.0.0 assigned to an interface when you have a static IP set up.

Or are you saying something else, perhaps?

On Sep 13, 2004, at 4:58 AM, Elena Alcantud Perez wrote:

> Hi all,
>
>
> I am running Radiator for wireless authentication on Windows XP, and
> the method chosen is TTLS (with Active Directory in my institutional
> Windows 2000 server). The supplicant is SecureW2(Alfa-Ariss) and the
> access points are Cisco Aironet 1100.
>
> My problem is that after a right authentication the client appears to
> be associated to the access point (but is registered with ip address
> 0.0.0.0!). Also, when I try the link test, no client is found. In
> client monitor the message is "Sactisfactory authentication" and
> network configuration seems ok.
>
> The user registered in the Directory has no restrictions (just for
> test) and the IP is configured static with a right address of my
> network. Could be a problem of storing session keys in the access
> point?
>
> Here is my radius.cnf:
> -----------------------------------------------------------------------------------------------------------------------------------
> Foreground
> LogStdout
> LogDir		c:/Program Files/Radiator
> DbDir		c:/Program Files/Radiator
> Trace           4
>
> AuthPort 1812
> AcctPort 1813
> SocketQueueLength 1000000
> #RewriteUsername	s/^(.*)\\(.*)/$2\@$1/
>
>
> <Client DEFAULT>
>         Secret xxxxxx
>         DupInterval 0
> 	   DefaultRealm my_domain
>
> </Client>
>
>
>
> <Realm DEFAULT>
>
> 	# Strips the realm. You will want to do this if your database
> 	# contains usernames without realms
> 	RewriteUsername	s/^([^@]+).*/$1/
>
> 	MaxSessions	2
> 	AcctLogFileName	%L/detail
> 	WtmpFileName %L/wtmp
>
> 	<AuthLog FILE>
> 		Identifier myauthlogger
> 		Filename %L/authlog
> 		LogSuccess 1
> 		LogFailure 1
> 	</AuthLog>
>
> 	RejectHasReason
>
> <AuthBy LSA>
> 	Identifier LSA
>
> 	Domain my_domain
>
> 	EAPType                         TTLS, TLS
>
>      AddToReply Reply-Message=hello,Service-Type=Framed-User,Framed-Protocol=PPP
> 	RcryptKey romea
>
>
>     EAPTLS_MaxFragmentSize          1000
>     EAPTLS_CAFile                   C:\Documents and Settings\eap96l\Escritorio\certs\demoCA\cacert.pem
>     EAPTLS_CertificateType          PEM
>     EAPTLS_CertificateFile          C:\Documents and Settings\eap96l\Escritorio\certs\radius.pem
>     EAPTLS_PrivateKeyFile           C:\Documents and Settings\eap96l\Escritorio\certs\radius.pem
>     EAPTLS_PrivateKeyPassword       whatever
>     EAPTLS_RandomFile               C:\Documents and Settings\eap96l\Escritorio\certs\random
>     EAPTLS_DHFile                   C:\Documents and Settings\eap96l\Escritorio\certs\dh
>     EAPTLS_SessionResumption 	 0
>     EAPAnonymous                	 anonymous
>     AutoMPPEKeys
>
> 	</AuthBy>
>
>
>
> </Realm>
>
> <Handler TunnelledByTTLS=1>
>     AuthBy LSA
> </Handler>
>
>
> This is the last part of the logfile (after tls negotiation):
> ----------------------------------------------------------------------------------------------------------------------
>
> Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Sep 13 09:33:41 2004: DEBUG: Rewrote user name to anonymous
> Mon Sep 13 09:33:41 2004: DEBUG:  Deleting session for anonymous at my_domain, nas-ip-address, 67
> Mon Sep 13 09:33:41 2004: DEBUG: Handling with Radius::AuthLSA: LSA
> Mon Sep 13 09:33:41 2004: DEBUG: Handling with EAP: code 2, 5, 87
> Mon Sep 13 09:33:41 2004: DEBUG: Response type 21
> Mon Sep 13 09:33:41 2004: DEBUG: EAP TTLS inner authentication request for usuario at my_domain
> Mon Sep 13 09:33:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <214><237>b<188>Q<185>W<140><135><250>lXhbr\
> Attributes:
> 	User-Name = "usuario at my_domain"
> 	User-Password = "usuario"
>
> Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Sep 13 09:33:41 2004: DEBUG: Rewrote user name to usuario
> Mon Sep 13 09:33:41 2004: DEBUG:  Deleting session for usuario at my_domain, nas-ip-address,
> Mon Sep 13 09:33:41 2004: DEBUG: Handling with Radius::AuthLSA: LSA
> Mon Sep 13 09:33:41 2004: DEBUG: Radius::AuthLSA looks for match with usuario
> Mon Sep 13 09:33:41 2004: DEBUG: Radius::AuthLSA ACCEPT:
> Mon Sep 13 09:33:41 2004: DEBUG: Access accepted for usuario
> Mon Sep 13 09:33:41 2004: DEBUG: EAP result: 0, EAP TTLS inner authentication redespatched to a Handler
> Mon Sep 13 09:33:41 2004: DEBUG: Access accepted for anonymous
> Mon Sep 13 09:33:41 2004: DEBUG: Packet dump:
> *** Sending to nas-ip-address port 1645 ....
> Code:       Access-Accept
> Identifier: 15
> Authentic:  <158>@<15>}Z<217><172><236><29><177><208>\%<168>S<132>
> Attributes:
> 	Service-Type = Framed-User
> 	Framed-Protocol = PPP
> 	Reply-Message = "hello"
> 	Reply-Message = "hello"
> 	MS-MPPE-Send-Key =  
> "<155>C<222><196>e<240><231><160><28>7{<3><142><138><149><20>5X<175><16 
> 1><251>?<150><221><216>; 
> <225>0l<17><172>~R<139><209>8<169><242><209><249><25><7><238>(X<137>q^% 
> <187>"
> 	MS-MPPE-Recv-Key =  
> "<242><163><234><<253><191><231><191><15>U<6><159>l<9><4><1><142>\<246> 
> $+<1>P<16><18>Q<175><172>](<4><221><145><249>e<132><132><252><127><131> 
> <148><196><222><2>M<208><216><217><245><220>"
> 	EAP-Message = <3><5><0><4>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Sep 13 11:58:14 2004: DEBUG: Reading users file c:/Program Files/Radiator/users
> Mon Sep 13 11:58:14 2004: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> Mon Sep 13 11:58:14 2004: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
> Mon Sep 13 11:58:14 2004: DEBUG: Creating authentication port 0.0.0.0:1812
> Mon Sep 13 11:58:14 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> Mon Sep 13 11:58:14 2004: NOTICE: Server started: Radiator 3.9 on r114pc157 (LOCKED)
> ----------------------------------------------------------------------------------------------------------------------
>
> After searching info in the mailing list and the FAQs I have not
> found anyone with the same problem. I am in a hurry,....Can anyone
> help me??
>
> Thanks
>

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
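
Added example, not part of the original thread or of Radiator itself: the quoted message asks whether session keys could be the problem, and this Python sketch parses a Radiator Trace 4 Access-Accept dump of the kind quoted above and checks that it carries an EAP-Success (EAP code 3) and both MS-MPPE keys. The function names are hypothetical and the sample dump is constructed with made-up key bytes.

```python
import re

def decode_dump_bytes(text):
    """Trace dumps show non-printable bytes as <decimal>, others literally."""
    out, i = bytearray(), 0
    while i < len(text):
        m = re.match(r"<(\d{1,3})>", text[i:])
        if m and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
            i += m.end()
        else:                       # literal character, including a bare '<'
            out.append(ord(text[i]) & 0xFF)
            i += 1
    return bytes(out)

def parse_attributes(dump):
    """Collect the indented 'Name = value' lines of a packet dump."""
    attrs = {}
    for line in dump.splitlines():
        m = re.match(r"\s+([\w-]+)\s*=\s*(.*)$", line)
        if m:
            value = m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            attrs.setdefault(m.group(1), []).append(value)
    return attrs

def check_access_accept(dump):
    """Return a list of problems; empty means EAP-Success plus both keys."""
    findings = []
    code = re.search(r"^Code:\s+(\S+)", dump, re.M)
    if not code or code.group(1) != "Access-Accept":
        findings.append("not an Access-Accept")
    attrs = parse_attributes(dump)
    eap = decode_dump_bytes(attrs.get("EAP-Message", [""])[0])
    # EAP header: code (1 byte, 3 = Success), id (1), length (2, big-endian)
    if len(eap) < 4 or eap[0] != 3 or int.from_bytes(eap[2:4], "big") != len(eap):
        findings.append("EAP-Message is not a well-formed EAP-Success")
    for key in ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"):
        if not decode_dump_bytes(attrs.get(key, [""])[0]):
            findings.append(key + " missing")
    return findings

# Constructed sample modelled on the quoted log; key bytes are made up.
SAMPLE_OK = ('Code:       Access-Accept\n\tService-Type = Framed-User\n'
             '\tMS-MPPE-Send-Key = "<128><1>A<200>k<9>"\n'
             '\tMS-MPPE-Recv-Key = "<128><2>z<<17>Q"\n'
             '\tEAP-Message = <3><5><0><4>\n')
SAMPLE_NO_KEYS = "\n".join(l for l in SAMPLE_OK.splitlines() if "MPPE" not in l)
```

An empty result means the RADIUS server sent EAP-Success together with both keys, which leaves the access point and the client as the places to look. Lines wrapped by a mail client have to be rejoined before a real dump is fed to the parser.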

